-
I'm looking for simple step by step instructions to setup gotenberg on render.com I can set up the gotenberg service as a web service, but given that it's just open to anyone, I don't want to do that as I have no way to authenticate users and block unauthorized users. To try and fix this, I'm working on setting up kong in front as a proxy to gotenberg set up as a private service. I'm in configuration hell and I'm wondering if there's an easier way. Issues raised here seem to imply that running the service in an open manner is bad, but then don't give clear instructions on how to secure the service. I'm running an app on bubble.io and need to make calls over the internet to my render.com instance of gotenberg. Basic Auth security or something similar is perfectly fine with me. I just don't want to have the world use my instance. Is there a way to set things up securely so that I haven't exposed it to the world as a web service? |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 3 replies
-
Hello @bitshaker, Having two platforms on different networks, your approach (using a reverse proxy) is actually the correct one IMO. I'm not familiar with Kong though, so good luck 😄 |
Beta Was this translation helpful? Give feedback.
I was able to set up a private git repo with a Dockerfile to make Nginx into a reverse proxy and deployed directly to render.com using these instructions. https://www.theserverside.com/blog/Coffee-Talk-Java-News-Stories-and-Opinions/Docker-Nginx-reverse-proxy-setup-example and https://medium.com/pernod-ricard-tech/adding-basic-authentication-with-nginx-as-a-reverse-proxy-a229f9d12b73
For security by obscurity sake, I left everything the same and the only route that's forwarded is the route to the pdf conversion with chrome that I needed.
Then, I added basic authentication as that was easy to do in the Dockerfile I set up.
Here's what the default.conf file looks like